Coming anew to this list because I'm exploring options for a firewall,
I've just read through all the archived back discussions, which, now I
can focus again, have helped a lot. But, let me risk a few questions?

Proxy gateways: I understand their limitations, but I may well have to
think in these terms. I read about proxy software as part of the
firewall `packages' from Raptor, ANS (Interlock), and DEC (SEAL), as
well as SUN's itelnet/iftp software, and I'm looking at these. Any
others? I was amazed that there doesn't seem to be *any* non-commercial
(i.e., freely available) proxy software. Is this the case? This might be
more telling when thinking of services beyond the basic telnet and ftp:
I noticed wais and gopher being talked about..

I have SUN's two-sheet flyer describing SUN's `Consult-Igateway'
(itelnet/iftp) and it sounds as if at least some contributors to Firewalls are
using it?

Presumably for a *standard* ftp client to use the in.ftp-gw server, it
would have to connect to a new port number and use a QUOTE command to
specify a remote host. How would a standard telnet client use
in.telnet-gw?? I can see how it could connect to a new port number,
but then what: does in.telnet-gw start a dialogue?

How usable is it, generally, if you're not using the special clients
(which would probably be most often)?

How flexibly can it be configured?

Does one get (usable) source for the servers? (I'm thinking here
about the possibility of reusing it to support other protocols..)

Is anyone using the in.ftp-gw/in.telnet-gw to handle *incoming* calls?
-- could one plumb in a stage of authentication, perhaps?

While we're on SUNs: I can see how Ultrix's screend or Irix's ipfilterd
provide a simple way to have a selective veto of packets matching
defined criteria. Is there a similar mechanism available on SunOS? The
`nit' would seem to provide a mechanism for achieving the same thing,
but..

Isn't running X across a firewall always going to be a contradiction in
terms?

Enough for now. Thanks for any thoughts..

I.